Malicious users can represent not just a nuisance but an outright threat to the well-being of many companies. More specifically, companies (and for that matter any organization) that rely on the Internet or other wide area networks to communicate with their customers, vendors, government agencies, employers, etc. stand vulnerable to a vast variety of hacking related threats. For instance, take a company that has a web site hosted on a third party web server. If a malicious user evades the security measures protecting the application, that malicious user (colloquially termed a “hacker”) can harm, steal, copy, delete, etc. sensitive files, applications, and other information associated with the web site, the users of the web site, and/or the company.
For instance, malicious users can execute cross site request forgeries (CSRF) to take unauthorized actions while acting as or impersonating (electronically) another user. In other cases, local-file-inclusion, remote-file-inclusion (LFI/RFI), command injection and/or structured query logic (SQL) injection hacking techniques can allow malicious users to execute malware or harmful code on hosted web sites. Moreover, if a malicious user somehow manages to access the administrative functions of one web site, that malicious user might be able to use that control to access yet other web sites controlled by that administrative function thereby pivoting from one security breach to another and multiplying the potential for harm. The malicious user's imagination is the only thing limiting the damage likely from such attacks and this is more so the case if that malicious user somehow accesses the administrative rights of the underlying operating system. In such cases, the malicious user could do severe damage, and even cover their tracks (by, for instance, erasing or altering security related audit trails).
Moreover, once having mis-appropriated administrative rights, malicious users sometimes install and/or modify system binaries to install rootkits. By doing so they can create backdoors in to the compromised system that allows them to maintain access to the same despite corrective measures geared toward the more apparent harm that they might have caused. One consequence of these types of breaches is that they can modify the web application to log or copy passwords or other personally or financially sensitive information for subsequent mis-use. In other hacking-related scenarios, malicious users might cause a hosted web site (or other system) to generate voluminous outbound traffic (for instance, spam) much of which often carries malicious software itself. In this latter case, the hosted system becomes a “zombie” or “bot” denying or limiting its usefulness to the owner/operator. The foregoing represents a small sampling of the vast array of threats that on-line systems face.